ExamGecko

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 7

List of questions

Question 61

Report
Export
Collapse

Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers

Salesforce license for sales users and Identity license for Marketing users
Salesforce license for sales users and Identity license for Marketing users
Salesforce license for sales users and External Identity license for Marketing users
Salesforce license for sales users and External Identity license for Marketing users
Identity license for sales users and Identity connect license for Marketing users
Identity license for sales users and Identity connect license for Marketing users
Salesforce license for sales users and platform license for Marketing users.
Salesforce license for sales users and platform license for Marketing users.
Suggested answer: A, D
asked 23/09/2024
Muhammad Imran
41 questions

Question 62

Report
Export
Collapse

Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

Access Tokens
Access Tokens
Mobile pins
Mobile pins
Refresh Tokens
Refresh Tokens
Scopes
Scopes
Suggested answer: D
asked 23/09/2024
RYAN UBANA
39 questions

Question 63

Report
Export
Collapse

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

Refresh token
Refresh token
API
API
full
full
Web
Web
Suggested answer: A, B
asked 23/09/2024
josh hill
37 questions

Question 64

Report
Export
Collapse

universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?

Use a custom attribute on the user object to control access to the mobile app
Use a custom attribute on the user object to control access to the mobile app
Use connected apps Oauth policies to restrict mobile app access to authorized users.
Use connected apps Oauth policies to restrict mobile app access to authorized users.
Use the permission set license to assign the mobile app permission to sales users
Use the permission set license to assign the mobile app permission to sales users
Add a new identity provider to authenticate and authorize mobile users.
Add a new identity provider to authenticate and authorize mobile users.
Suggested answer: B
asked 23/09/2024
Andres Romo
44 questions

Question 65

Report
Export
Collapse

Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
Enable the "Enforce Ip restrictions" settings in the connected App.
Enable the "Enforce Ip restrictions" settings in the connected App.
Enable the "All users may self-authorize" setting in the Connected App.
Enable the "All users may self-authorize" setting in the Connected App.
Enable the "High Assurance session required" setting in the Connected App.
Enable the "High Assurance session required" setting in the Connected App.
Suggested answer: A, C
asked 23/09/2024
Asif Ibrahim
47 questions

Question 66

Report
Export
Collapse

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
Suggested answer: C
asked 23/09/2024
Arslan Sheik
37 questions

Question 67

Report
Export
Collapse

Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

SP-Initiated with Deep Linking
SP-Initiated with Deep Linking
SP-Initiated
SP-Initiated
IdP-Initiated
IdP-Initiated
User-Agent
User-Agent
Suggested answer: C
asked 23/09/2024
Arun Pandian
40 questions

Question 68

Report
Export
Collapse

Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate.

UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal.

When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

Web Application flow
Web Application flow
SAML Bearer Assertion flow
SAML Bearer Assertion flow
User-Agent flow
User-Agent flow
Web Server flow
Web Server flow
Suggested answer: D
asked 23/09/2024
SULIMAN ALGHURAIR
35 questions

Question 69

Report
Export
Collapse

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get esignatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

Id
Id
Web
Web
Api
Api
Custom_permissions
Custom_permissions
Suggested answer: D
asked 23/09/2024
Russell Bartsch
39 questions

Question 70

Report
Export
Collapse

IT security at Unversal Containers (UC) us concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

Use the Salesforce Authenticator mobile app with two-step verification
Use the Salesforce Authenticator mobile app with two-step verification
Lock sessions to the IP address from which they originated.
Lock sessions to the IP address from which they originated.
Increase Password complexity requirements in Salesforce.
Increase Password complexity requirements in Salesforce.
Implement Single Sign-on using a corporate Identity store.
Implement Single Sign-on using a corporate Identity store.
Suggested answer: A
asked 23/09/2024
Samuel Afonso de la Hoz
34 questions
Total 248 questions
Go to page: of 25
Search

Related questions